Skip to main content

Voltry evidence bundle — THE contract. Typed models, RFC 8785 canonical serialization, ECDSA P-384 sign/verify, generated JSON Schema.

Project description

voltry-evidence-schema

The Voltry evidence bundle: the signed contract behind every Voltry Probe scan and certificate.

Note the naming: the PyPI distribution is voltry-evidence-schema, the Python package you import is evidence_schema.

pip install voltry-evidence-schema
import evidence_schema

What it provides

  • Typed pydantic v2 models (EvidenceBundle and its blocks). Measured facts and modeled estimates are distinct types by construction; there is no single score anywhere in the schema, and no price field exists.
  • One canonical serializer: RFC 8785 (JCS) over the bundle minus its signature. This is the only path to signable bytes.
  • ECDSA P-384 (secp384r1) with SHA-384 sign and verify over those canonical bytes.
  • A generated JSON Schema for cross-language consumers.

Quick start

import json
from evidence_schema import EvidenceBundle, verify_bundle

bundle = EvidenceBundle.model_validate(json.load(open("bundle.json")))
print(verify_bundle(bundle))  # True only if the signature covers these exact bytes

Command line:

# Round-trip demo: build, canonicalize, sign, verify, tamper, verify fails
python -m evidence_schema.demo

# Emit the JSON Schema for non-Python consumers
evidence-schema-jsonschema -o evidence_bundle.schema.json

Stability

The schema is versioned semantically and the 1.x line is frozen wide: a bundle captured today remains valid and replayable indefinitely. Additive fields are minor versions; anything breaking is a major version with a migration path. Canonical bytes are covered by golden-vector tests on every supported Python version (3.10 through 3.13).

License

Apache-2.0.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

voltry_evidence_schema-1.1.0.tar.gz (41.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

voltry_evidence_schema-1.1.0-py3-none-any.whl (28.1 kB view details)

Uploaded Python 3

File details

Details for the file voltry_evidence_schema-1.1.0.tar.gz.

File metadata

  • Download URL: voltry_evidence_schema-1.1.0.tar.gz
  • Upload date:
  • Size: 41.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for voltry_evidence_schema-1.1.0.tar.gz
Algorithm Hash digest
SHA256 8fdb2677bae439abc2d2e53c4d8e3ee4d40e789be1b52cf1d8fbdd86069447af
MD5 19792d8a90c05c452f05cbd200028f3c
BLAKE2b-256 df5b697e41375abdb8c79c64c5161efcf39e53f08a79927c54c4aa8f1b1eade1

See more details on using hashes here.

Provenance

The following attestation bundles were made for voltry_evidence_schema-1.1.0.tar.gz:

Publisher: release.yml on Voltry-tech/core

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file voltry_evidence_schema-1.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for voltry_evidence_schema-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 46619e7726b96956a0f385b90694eeb8adbd0de3cc5939fd6f2171078e9f6e09
MD5 ded618c71022823bc43c14b38d25e972
BLAKE2b-256 e2c6328a9196b94fe945de2598b55b139eeb97f9249d7c72fe2e3830fa7eef67

See more details on using hashes here.

Provenance

The following attestation bundles were made for voltry_evidence_schema-1.1.0-py3-none-any.whl:

Publisher: release.yml on Voltry-tech/core

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page